Inhalt 1. CERTIFICATION PROCEDURE... 2 1.1 Audit Preparation... 2 1.2 Audit Stage 1... 2 1.3 Audit Stage 2 Certification Audit... 3 1.4. Issue of Certificate... 3 2. SURVEILLANCE AUDIT... 3 3. RECERTIFICATION AUDIT... 4 4. EXTENSION OF SCOPE AUDIT... 4 4.1. Short notice audits... 4 5. TRANSFER OF CERTIFICATION FROM OTHER CERTIFICATION BODIES... 4 6. CERTIFICATION OF COMPANIES WITH MULTIPLE LOCATIONS (MULTI-SITE)... 5 7. MANAGEMENT OF NON-CONFORMITIES... 5 Service Description ISO 22000, HACCP, DIN 15593 1 von 5 Rev. 01./10.15
The certification of a management system based on standard ISO 22000, HACCP und DIN 15593 respectively, consists of the offer and contract phase, the audit preparation, performance of the Stage 1 audit with evaluation of the management documentation, performance of the Stage 2 audit, issue of certificate and surveillance/recertification. The auditors are selected by the Head of the Certification Body of TÜV NORD CERT GmbH in accordance with their approvals for the particular sector and their qualification. 1. CERTIFICATION PROCEDURE 1.1 Audit Preparation Following signing of the contract, the auditor prepares for the audit based on the questionnaire filled in by the customer and the calculation sheet, and discusses and agrees the further procedure with the organization to be audited. During preparation for the surveillance or recertification audit, the organizations to be audited have the duty to report fundamental changes in their organisational structure or changes in procedure to the certification body. 1.2 Audit Stage 1 The Stage 1 audit is conducted in order to audit the management system documentation of the customer, assess the site and site-specific conditions of the customer and hold discussions with the personnel of the organization in order to determine the degree of preparedness for the Stage 2 audit, assess the status of the customer and his understanding of the requirements of the ISO 22000, particular with regard to identification of key performance or significant aspects, processes, objectives and operation of the management system, collect necessary information regarding the scope of the management system, processes and location(s) of the client, and related statutory and regulatory aspects and compliance (e.g. quality, environmental, health and safety legal aspects of the client's operation, associated risks, etc.), review the allocation of resources for stage 2 audit and agree with the client on the details of the stage 2 audit, evaluate if the internal audits and management review are being planned and performed, and that the level of implementation of the management system substantiates that the client is ready for the stage 2 audit. If nonconformities were identified in the stage 1 audit, these must be corrected by the customer before the stage 2 audit. If at the end it cannot be established positively that the customer is ready for the Stage 2 Audit, the audit is broken off after the Stage 1 Audit. The lead auditor is responsible for the coordination of the activities of the stage 1 audit and if necessary for coordination and cooperation of the auditors concerned amongst themselves. Service Description ISO 22000, HACCP, DIN 15593 2 von 5 Rev. 01./10.15
1.3 Audit Stage 2 Certification Audit The customer receives an audit plan at the beginning of the stage 2 audit. The plan is agreed with the customer in advance. The audit begins with a start-up meeting, in which the participants are introduced to each other. The procedure to be followed in the audit is explained. Within the framework of the audit at the organization's premises, the auditors review and assess the effectiveness of the management system which has been installed. The basis for this is standard DIN EN ISO 22000, HACCP (reffered to CAC/RCP 1-1969, Rev. 4-2003) and DIN 15593 respectively. The task of the auditors is to compare the practical application of the management system with the documented processes and to assess them in relation to fulfilment of the requirements of the standard. This is achieved by means of questioning of the employees, examining the relevant documents, records, orders and guidelines and also by visiting relevant areas of the organization A final meeting takes place at the end of the on-site audit. At least those employees take part in the audit who have management functions within the organization and whose areas were included in the audit. The lead auditor reports on the individual elements and explains the positive and negative results. If nonconformities are established, the lead auditor can only recommend the organization for issue of the certificate after acceptance or verification of the corrective actions by the audit team, see Section 7 "Management of nonconformities". Attention must be drawn to this fact in the final meeting. The audit is documented in the audit report (the documentation must be separate for stage 1 and stage 2 audits) and is completed by means of further records (e.g. audit questionnaire and handwritten records) 1.4. Issue of Certificate The certificate is issued when the certification procedure has been reviewed and released by the head of the certification body or his deputy or nominated representative. The person who reviews and releases the procedure may not have participated in the audit. The certificate can only be issued when the nonconformities have been accepted or verified by the audit team. The certificates are valid for 3 years. 2. SURVEILLANCE AUDIT The company data are updated before the surveillance audit, in order to take any changes which have a significant influence on the area of activity or the operational methods of the client into consideration. Surveillance audits must be conducted once per year during the period of validity of the certificate. Surveillance audits shall be performed prior the due date / audit-relevant date. The audit-relevant date for the annual surveillance audit, which follows the initial certification audit, may not be later than 12 months after the last day of the stage 2 audit. The audit-relevant date controls all the surveillance audits. Each surveillance audit including review and acceptance and verification, if appropriate, of the measures for correction of nonconformities, drafting of the audit report and release by the certification body, must be completed at the latest 3 months after the audit-relevant date. Service Description ISO 22000, HACCP, DIN 15593 3 von 5 Rev. 01./10.15
Within the framework of annual surveillance, a surveillance audit can be conducted at the earliest 3 months before the audit-relevant date. Permissible tolerance for conducting annual surveillance audits: audit-relevant date -3/+ 0 months. In case of nonconformities, the same procedure is followed as for the certification audit. The certificate can be withdrawn in case of major nonconformities. Following the surveillance audit, the client receives a report. 3. RECERTIFICATION AUDIT Recertification audits including the review of corrective actions of identified nonconformities have to be completed prior to the expiry of the certificate. The recertification shall consider a continuous certification. In the recertification audit, a review of the documentation of the management system of the organization takes place and an on-site audit is conducted, whereby the results of the previous surveillance programme(s) over the period of the certification are to be taken into consideration. All requirements of the standard are audited. Activities related to the recertification audit may include a stage 1 audit if there are significant changes in the management system or in connection with the activities of the organization (e.g. changes to the law). Changes to the FSMS system must be submitted in advance by the client in writing along with the corresponding documents. The audit methods used in the recertification audit correspond to those used in a stage 2 audit. 4. EXTENSION OF SCOPE AUDIT If it is intended to extend the scope of an existing certificate, this can be implemented by means of an extension audit. An extension audit can be conducted within the framework of a surveillance audit, a recertification audit or at a time which is set independently. The period of validity of a certificate does not change as a result. Exceptions must be justified in writing. 4.1. Short notice audits It may be necessary at short notice to investigate complaint, in response to changes or as follow up on suspended client. In such cases the certification body shall describe the conditions under which these short notice announced visits are to be conducted, it does not exist the possibility to raise against members of the audit team Objection. 5. TRANSFER OF CERTIFICATION FROM OTHER CERTIFICATION BODIES In general, only certificates from accredited certification bodies can be taken over. Organizations with certificates which originate from non-accredited certification bodies are treated like new clients. Service Description ISO 22000, HACCP, DIN 15593 4 von 5 Rev. 01./10.15
A "Pre-Transfer-Review must be conducted by a competent person from the certification body which is taking over the certificate. This review generally consists of an examination of important documents and a visit to the client. Certificates which have been suspended, or where there is risk of suspension, may not be taken over. Any nonconformities which have not been corrected should as far as practicable be clarified with the previous Certifier before the takeover. Otherwise they must be dealt with in the audit. The further surveillance programme is based on the programme which has been in place up to the time of the takeover of the certificate. 6. CERTIFICATION OF COMPANIES WITH MULTIPLE LOCATIONS (MULTI-SITE) Certification of organizations with several production sites/branch offices/locations etc. with similar types of activity and which operate under a single management system may be done by means of random sampling procedure. Random sampling is only possible for companies with more than 20 sites and for categories A (agriculture, animals), B (agriculture, plants), E (Catering), F (Distribution) and G (transport and storage). 7. MANAGEMENT OF NON-CONFORMITIES An analysis of the causes must be performed for each nonconformity and corresponding corrective actions must be implemented. The organization has the duty, depending on the seriousness of the nonconformity, to inform the audit team within 90 days either with regard to the corrective actions which have been laid down and the dates for their implementation or that the corrective actions have been implemented. If this period is not observed, the audit is considered not to be successful, i. e. not to be passed. No certificate can be issued, or an existing certificate is withdrawn. Service Description ISO 22000, HACCP, DIN 15593 5 von 5 Rev. 01./10.15